Industrial Control Systems (ICS): the security landscape

To minimize the possibility of a digital attack, Industrial Control Systems (ICS) are supposed to "run" in a physically isolated environment. However, this is not always the case. In their report on the landscape of threats faced by ICS, Kaspersky Lab experts identified 13.698 ICS servers exposed on the Internet that appear likely to belong to large organizations.

These organizations operate in sectors such as energy, transport, aerospace, oil and gas, chemicals, automotive, manufacturing, food and beverages, government agencies, financial institutions and health organizations. 91,1% of these ICS hosts have vulnerabilities that can be exploited remotely.

But that is not the worst of it: 3,3% of the ICS hosts in these organizations contain critical and remotely executable vulnerabilities.

Exposing ICS data on the Internet provides many opportunities, but also many security concerns. On the one hand, connected systems are more flexible in terms of rapid response to critical situations and updated versions. But on the other hand, the expansion of the Internet gives digital criminals the opportunity to remotely control the most important elements of ICS, which can lead to physical damage to the equipment, as well as potential risk to the entire critical infrastructure.

Sophisticated attacks on ICS are not new. In 2015, an organized hacker group named BlackEnergy APT attacked an electricity company in Ukraine. In the same year, two more incidents, supposedly related to digital attacks, were reported in Europe: at a steel mill in Germany and at Frederic Chopin Airport in Warsaw.

More attacks of this kind will arise in the future, as the attack surface is large. These 13.698 hosts, located in 104 countries, are only a small part of the total number of ICS-enabled hosts available over the Internet.

To help organizations working with ICS systems to identify potential weak points, Kaspersky Lab experts conducted an investigation into ICS threats. Their analysis was based on OSINT (Open Source Intelligence) and information from public sources, such as ICS CERT, with the research period being limited to 2015.

The main findings of the report "The Landscape of Threats in Industrial Control Systems" are:

  • Overall, 188.019 hosts have been detected with ICS data available over the Internet in 170 countries.
  • Most of the remotely available ICS-based servers are located in the United States (30,5% - 57.417) and in Europe. In Europe, Germany is the leader (13,9% - 26.142 servers), followed by Spain (5,9% - 11.264 servers) and France (5,6% - 10.578 servers).
  • 92% (172.982) of the remotely available ICS servers have vulnerabilities. 87% of these hosts contain medium-risk vulnerabilities, and 7% of these contain critical vulnerabilities.
  • The number of vulnerabilities in ICS data has increased tenfold over the past five years: from 19 vulnerabilities in 2010 to 189 in 2015. The most vulnerable ICS elements were Human Machine Interface (HMI) systems, Electrical Devices and SCADA systems.
  • 91,6% (172.338 different hosts) of all externally available ICS devices use weak Internet connection protocols, which allows attackers to conduct man-in-the-middle attacks.

"Our research shows that the greater the ICS infrastructure, the greater the chance it will have serious "holes" in the security segment. This is not the fault of the software or its vendor hardware. By its nature, the ICS environment is a mix of different but interrelated components, many of which are connected to the Internet and contain security issues. There is no 100% guarantee that a particular ICS installation will not have at least one vulnerable component at some point in time. However, this does not mean that there is no way to protect a factory, a power plant, or even a block in a "smart" city from digital attacks.

Simple briefing on the vulnerabilities of data used in a particular industrial facility is the basic prerequisite for managing plant safety. This was one of the reasons that led us to develop our report: to help raise awareness among all concerned about the issue," said Andrew Suvorov, Head of Critical Infrastructure Protection at Kaspersky Lab.

To protect the ICS environment from possible digital attacks, Kaspersky Lab's security experts recommend the following:

  • Perform a security check: calling in industrial security experts is perhaps the quickest way to identify and eliminate the security gaps described in the report.
  • Request external expertise: Today, the security of IT infrastructures is based on the knowledge of potential attackers. Access to trusted vendor information helps organizations anticipate future attacks on the company's industrial infrastructure.
  • Provide protection inside and outside the perimeter: Errors happen. A proper security strategy must have significant resources to detect and respond to attacks, and to prevent an attack before it reaches critical and important items.
  • Evaluate advanced protection methods: A Default Deny scenario for SCADA systems, regular integrity checks for controllers, and specialized network monitoring can help increase the overall security of the company and reduce the chances of a successful attack, even if some inherently vulnerable nodes cannot be patched or removed.

The full report on "Landscape of Threats in Industrial Control Systems" is available on the website Securelist.com.

Written by Dimitris
